PatchMon: Centralized Linux Patch Monitoring and Automation Platform
Summary
PatchMon is an open-source Linux patch monitoring and automation platform designed for diverse server environments. It offers centralized patch management with an outbound-only agent model, enhancing security by eliminating inbound ports on monitored hosts. The platform provides comprehensive visibility into package updates and supports various Linux distributions.
Introduction
PatchMon is an open-source Linux Patch Monitoring Automation Platform designed to simplify centralized patch management across diverse server environments. It enables comprehensive visibility into outdated packages and supports safe automation, all while maintaining a strong security posture through its outbound-only agent model. This means no inbound ports are required on your monitored hosts, significantly reducing the attack surface.
Key features include a customizable dashboard, multi-user accounts with roles and permissions, detailed host and package inventory, and a robust REST API for integrations. PatchMon supports various Linux distributions, including Debian, Ubuntu, CentOS, and Red Hat, making it a versatile tool for system administrators and DevOps teams.
Learn more about PatchMon on its official website or explore the source code on GitHub.
Installation
PatchMon offers flexible self-hosting options, with Docker being the preferred method for quick setup.
Docker Installation
For detailed instructions on getting started with Docker, please refer to the official Docker documentation.
Native Install (Ubuntu/Debian)
For advanced users or non-Docker environments, PatchMon can be installed natively on a clean Ubuntu or Debian server. Ensure your server meets the minimum specifications (2 vCPU, 2GB RAM, 15GB Disk).
First, update your system and install curl:
# For Debian
apt update -y
apt upgrade -y
apt install curl -y
# For Ubuntu
apt-get update -y
apt-get upgrade -y
apt install curl -y
Then, run the one-line installer script:
curl -fsSL -o setup.sh https://raw.githubusercontent.com/PatchMon/PatchMon/refs/heads/main/setup.sh && chmod +x setup.sh && bash setup.sh
During setup, you will be prompted for details like your domain/IP, SSL preference, and email (if SSL is enabled). After installation, visit http(s)://<your-domain> to complete the first-time admin setup.
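An added example, not part of PatchMon's code or documentation: the installer URL above tracks the main branch, so the script it returns can change between runs. The functions below run a downloaded installer only when it matches a SHA-256 digest you recorded after reviewing the script yourself; the function names and the PINNED_SHA256 placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not PatchMon code): run a downloaded installer only if it
# matches a SHA-256 digest the operator pinned after reviewing the script.

sha256_of() {
    # Print only the hex digest of a file.
    sha256sum "$1" | awk '{print $1}'
}

verify_installer() {
    # usage: verify_installer <file> <expected-sha256>
    # 0 = match, 1 = mismatch, 2 = file missing/empty, 3 = malformed digest
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "pinned digest is not hex" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 hex chars" >&2; return 3; }
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

install_pinned() {
    # usage: install_pinned <url> <expected-sha256>
    # Downloads to a temp file, verifies it, and only then executes it.
    local url="$1" expected="$2" tmp rc
    tmp="$(mktemp)" || return 4
    if ! curl -fsSL -o "$tmp" "$url"; then
        rm -f "$tmp"; return 4
    fi
    verify_installer "$tmp" "$expected" && bash "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (PINNED_SHA256 is a placeholder you fill in after reviewing setup.sh):
# install_pinned "https://raw.githubusercontent.com/PatchMon/PatchMon/refs/heads/main/setup.sh" "$PINNED_SHA256"
```

A mismatch means the script changed since you reviewed it; review the new version and update the pinned digest before running it.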
Examples
To ensure PatchMon reflects the latest package status immediately after a manual update on your host, you can manually trigger the agent to send results:
/usr/local/bin/patchmon-agent.sh update
This command forces the agent to collect and transmit the current package information to your PatchMon server without waiting for the next scheduled update.
Why Use PatchMon?
- Centralized Management: Gain a single pane of glass for managing patch status across all your Linux servers.
- Enhanced Security: The outbound-only agent model eliminates the need for inbound firewall rules on monitored hosts, significantly reducing your attack surface.
- Broad OS Support: Seamlessly monitor and manage updates for popular distributions like Debian, Ubuntu, CentOS, and Red Hat.
- Automation & Visibility: Get comprehensive insights into outdated packages and leverage safe automation features to streamline your update processes.
- Flexible Deployment: Choose between easy Docker deployment or a native installer for Ubuntu/Debian, adapting to your infrastructure needs.
- API & Integrations: Utilize the powerful REST API for custom integrations, including automatic discovery and enrollment of Proxmox LXC containers.
Links
- Website: patchmon.net
- Documentation: docs.patchmon.net
- GitHub Repository: PatchMon/PatchMon
- Discord: Join the PatchMon Discord Server
- Roadmap: View the PatchMon Roadmap